config ClusterResourceOverrides as mutating admission webhook via OLM #13
Conversation
openshift-ci-robot
added
size/L
|
/assign @sttts |
|
|
||
| ### Open Questions | ||
|
|
||
| 1. Do we need to protect openshift resources from being overcommitted? Perhaps the cluster-admin's intent is exactly that. |
There was a problem hiding this comment.
i would not recommend that to any cluster-admin.
| ### Open Questions | ||
|
|
||
| 1. Do we need to protect openshift resources from being overcommitted? Perhaps the cluster-admin's intent is exactly that. | ||
| 2. We cannot uniformly apply protection just to our payload resources, how do we position this? |
There was a problem hiding this comment.
we could have an opt-in per namespace behavior. the world has evolved around us since this original plug-in was conceived, it is possible that operators that take resource requirements as input could attempt to reconcile a overriden resource, but that is not much different than limit ranges already.
| 2. We cannot uniformly apply protection just to our payload resources, how do we position this? | ||
| External teams may be surprised that their resource requirements are not respect, but ultimately the cluster-admin is in | ||
| control of his cluster. This is what running self-hosted means. | ||
| 3. How are OLM operators tested against OpenShift levels? |
There was a problem hiding this comment.
One can test with OLM during openshift CI by creating a config map catalog source of the CSV, using a testing script to get the CSV installed and running, and then run any smoke tests that by the user.
We have put together a small script to help with this testing.
| 3. How are OLM operators tested against OpenShift levels? | ||
| 4. How do we build and distribute this OLM operator using OpenShift CI? | ||
| 5. How do we describe version skew limitations to OLM so our operator gets uninstalled *before* an illegal downgrade or upgrade? | ||
| This is a concrete case of the API we want to use isn't available before 1.16 and after 1.18, the previous API could be gone. |
There was a problem hiding this comment.
To clarify, this is not a strict requirement for 1.16, just an API graduated to a new version.
|
/assign @tkashem |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, tkashem The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
The
autoscaling.openshift.io/ClusterResourceOverrideadmission plugin is an uncommonly used admission plugin with configuration values. Because it is uncommonly used, it doesn't fit well with our targeted configuration which aims to avoid adding lots of intricately documented knobs. Instead of wiring the admission plugin via a kube-apiserver operator, we can createa mutating admission webhook based on the generic-admission-server and install it via OLM.@mcurry-rh
@openshift/sig-master